I'm writing a script to audit/apply security settings on NT 4.0 and Windows 2000 servers. NT 4.0 is very straightforeward (registry settings, API calls) for everything, but Windows 2000 introduces the security database to store some security settings. I'm trying to limit the number of system calls I make to pull/set the information, and I want to cut out using secedit altogether.

My problem is this: Complex Passwords are set in the security database. 'Net Accounts' will not pull this information, and Win32::Lanman seems to be dry here as well (though for a while I though NetUserModalsGet had hope). In NT 4.0, password filtering is handled by a .dll in the registry, but not in 2000.

Anyone know of a OLE method of pulling information from the security database? I'm already OLE'ing for IIS information, so that's no biggie to tack on more. If no OLE, any progress elsewhere?

Right now, to get complex password settings, I do this: 

$result = `secedit \/EXPORT \/DB C:\\Winnt\\Security\\Database\\secedi
+t.sdb \/CFG security.txt`;
open(SECURITY, "security.txt");
@lines = <SECURITY>;
foreach $line (@lines) {
if ($line =~ /PasswordComplexity = (\d+)/){
$passFilt = $1;
}
}

[download]
Confangled, and I'm going around my elbow to get to my nose, but it works. Any help???

Josh Pavel

In reply to Complex Passwords in Windows 2000 by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.